Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

myShows is broken #5

Open
michidk opened this issue Jul 6, 2022 · 10 comments
Open

myShows is broken #5

michidk opened this issue Jul 6, 2022 · 10 comments

Comments

@michidk
Copy link

michidk commented Jul 6, 2022

Seems like the API route https://api2.tozelabs.com/v2/my_shows does not work anymore:

>>> tvtime.show.myShows()
{'error': {'code': 500, 'message': None}}
@michidk
Copy link
Author

michidk commented Jul 6, 2022
edited
Loading

Seems to be a duplicate of #3 which was never fixed. The workaround still works, but we should either fix the broken myShows() or remove it.

@seanwlk
Copy link
Owner

seanwlk commented Jul 7, 2022

Yes i never had time to reverse engineer their new way of retrieving data in the app. Pull requests are well appreciated :D

@michidk
Copy link
Author

michidk commented Jul 8, 2022

How would I go about reverse engineering? The website does not use the API as far as I can tell. The first time I heard about this API was actually through this Python package. Is there an application using that API?
Otherwise, it's just wild-guessing API routes?

@seanwlk
Copy link
Owner

seanwlk commented Jul 8, 2022
edited
Loading

I created this package by reverse engineering the TVTime App for android https://play.google.com/store/apps/details?id=com.tozelabs.tvshowtime

The problem is that when they added support for movie tracking, they created a new API gateway that doesn't use HTTP Basic auth but JWT login, i handled to get the routes that have the data about the movies and the profile data with tv shows list and everything but got stuck at creating a JWT token that can be accepted by the backend since i'd have to implement a way to use the refresh token to keep the session alive like the app does

@michidk
Copy link
Author

michidk commented Jul 8, 2022

Okay, interesting. So implementing the JWT refresh logic would probably mean a rewrite

@seanwlk
Copy link
Owner

seanwlk commented Jul 8, 2022

Okay, interesting. So implementing the JWT refresh logic would probably mean a rewrite

Not necessarily, from what i've seen the token that gets sent at login expires after like 5 days but after that you'd have to refresh it to keep the requests going, so if someone had implemented an automated system that keeps the script going instead of single time runs, it would break.
(ex. script that runs on a plex server that scrapes for watched episodes and marks them as watched automatically)

@michidk
Copy link
Author

michidk commented Jul 8, 2022
edited
Loading

Do you still remember what the API routes were and where to get the TVST_ACCESS_TOKEN and X-API-Key token from?

@michidk
Copy link
Author

michidk commented Jul 8, 2022
edited
Loading

Okay after a bit of research I found the following:
Base URL is https://api2.tozelabs.com/v2/
X_API_Key is LhqxB7GE9a95beFHqiNC85GHdrX8hNi34H2uQ7QG

Exemplary requests:
To get the tvst_access_token and user id:

curl --request GET 'https://api2.tozelabs.com/v2/signin?username=<USERNAME>&password=<PASSWORD>'

To then get statistics about series watched:

curl --request GET 'https://api2.tozelabs.com/v2/user/<USERID>/statistics?stat_type=watched&viewer_id=<USERID>' \
--header 'Authorization: Bearer <tvst_access_token>'

Edit: actually seems like it even works without the API key.
It would be nice if we had an overview with API routes.

@seanwlk
Copy link
Owner

seanwlk commented Jul 8, 2022

Some of those APIs dont even need auth from what i recall.
I found some of my notes and one of the things that was bugging me is that you cannot mix the two sessions. If you add the headers with jwt and api key to the http basic auth session, the endpoints that use the jwt bearer will reply with error 500
Here are some of the endpoints i've noted:

https://msapi.tvtime.com/prod/v1/tracking/cgw/watchlist/movies/user/{tvtime.userId}?pageLastKey=null&sort=release_date%2Cdesc
https://users.tvtime.com/v1/users/{tvtime.userId}
https://api2.tozelabs.com/v2/user/{tvtime.userId}?fields=id,is_following,is_blocker,is_private,shows.fields(id,name,season_count,stripped_name,poster,fanart,rating,compatibility_rating,aired_episode_count,watched_episode_count,is_ended,is_started,network,is_archived,is_up_to_date,is_followed,is_favorite,is_thumbsed_down,is_for_later,sorting,filter,filters,country).limit(-1),favorite_shows.fields(id,name,season_count,stripped_name,poster,fanart,rating,compatibility_rating,aired_episode_count,watched_episode_count,is_ended,is_started,network,is_archived,is_up_to_date,is_followed,is_favorite,is_thumbsed_down,is_for_later,sorting,filter,filters,country).limit(-1),sorting,filters,shows_filtering
https://api2.tozelabs.com/v2/discover/shows
https://msapi.tvtime.com/prod/v2/lists/user/{tvtime.userId}
https://msapi.tvtime.com/prod/v1/movies/6d46fe13-36f4-4b60-86ce-40c909ba59f8

The thing now is, either i rewrite everything with the bearer implementation and drop the basic auth method or add support in a non breaking way to the bearer one with a second session internally managed but still have to decide if to implement a refresh of the jwt token

@michidk
Copy link
Author

michidk commented Jul 9, 2022

You could also let the user handle the refreshing of the token by exposing a refresh() function and exceptions that trigger if the token needs to be refreshed.

I just found this repo https://github.com/TheIndra55/tvtime-api/ which documents more of the api2/v2 routes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@michidk @seanwlk